FreeBSD: VID-aeb4c85b-3600-11ed-b52d-589cfc007716 (CVE-2022-31197): puppetdb -- Potential SQL injection
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:H/Au:S/C:C/I:C/A:C) | Sep 16, 2022 | Nov 4, 2022 | Mar 25, 2026 |
Description
Puppet reports: The org.postgresql/postgresql driver has been updated to version 42.4.1 to address CVE-2022-31197, which is an SQL injection risk that, according to the CVE report, can only be exploited if an attacker controls the database to the extent that they can adjust relevant tables to have "malicious" column names.
Solutions
- freebsd-upgrade-package-puppetdb6
- freebsd-upgrade-package-puppetdb7